WordPress Security Update

April 21, 2015, the WordPress team released security update (WordPress 4.1.2) to address critical vulnerabilities found in its previous versions. On of the flaws this update covers is a cross-site scripting vulnerability, which can allow a remote malicious user to gain control of a targeted WordPress site.

The latest update also includes fixes for the following issues according to the WordPress.Org blog:

A flaw wherein files with invalid or unsafe names could be uploaded; affects WordPress 4.1 and higher

A limited cross-site scripting flaw, which could be used as part of a social engineering attack; affects WordPress 3.9 and higher

Some plugins susceptible to an SQL injection vulnerability

WordPress 4.1.2 also includes four hardening changes, one of which is a better validation for post titles within the Dashboard. Read more details on the release notes here.